I wonder if the following simplified setup I am using with AD:

ldap.ADdomain                mydomain.com
ldap.enable                  on
ldap.nssmap.attribute.uniqueMember Member
ldap.nssmap.objectClass.groupOfUniqueNames Group
ldap.nssmap.objectClass.posixAccount User
ldap.nssmap.objectClass.posixGroup Group
ldap.rfc2307bis.enable       on

would also work with IPA domains. I understand this would require NetApp to somehow join the IPA domain, creating a normal computer account, but I like the fact that I do not have to specify the LDAP server manually - NetApp finds it via DNS. Given the fact that the IPA NS structure is pretty much similar to AD, it should just work, but I haven't tried yet...

Another bonus would be the possibility of using Kerberized NFSv4 w/ NetApp.


On 12/12/2011 11:55 AM, Sigbjorn Lie wrote:

I've used OnTAP 7.3.3 with IPA. Using LDAP lookups for users/groups and netgroups so far, using authenticated connections to the IPA LDAP server. Have not been able to get LDAPS working yet.

I still have Kerberos for NFSv4 left to configure.

I used the following OnTAP config:

options ldap.base dc=test,dc=local
options ldap.base.group cn=groups,cn=compat,dc=test,dc=local
options ldap.base.netgroup cn=ng,cn=compat,dc=test,dc=local
options ldap.base.passwd cn=users,cn=accounts,dc=test,dc=local
options ldap.servers ipa01.test.local
options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
options ldap.passwd passwordforbinduser
options ldap.minimum_bind_level      simple
options ldap.usermap.attribute.unixaccount uid
options ldap.servers                 ipa01.test.local
options ldap.port                    389
options ldap.ssl.enable off
options ldap.usermap.attribute.unixaccount uid
options ldap.usermap.attribute.windowsaccount ntUserDomainId
options ldap.enable on


On Mon, December 12, 2011 07:07, Craig T wrote:

Has anyone tried configuring a NetApp Fas 270 filer to work with IPA?
I had it working perfectly via LDAP auth with 389 Directory Server (No IPA config) earlier,
however I'm new to IPA and I'm not sure about the importance of being part of the 
a device that will just use LDAP auth?



Freeipa-users mailing list
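
Added example (not part of the original thread, and not NetApp or FreeIPA code): the OnTAP config quoted above uses a simple bind on port 389 with ldap.ssl.enable off, so the bind DN and password cross the network unencrypted. The sketch below parses an "options ldap.*" dump in either format shown in the thread and flags those settings; the finding names and the assumption that a masked password appears as asterisks are illustrative.

```python
import re

# Constructed sample: a subset of the "options ldap.*" lines quoted in the thread.
SAMPLE = """\
options ldap.servers ipa01.test.local
options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
options ldap.passwd passwordforbinduser
options ldap.minimum_bind_level      simple
options ldap.port                    389
options ldap.ssl.enable off
options ldap.enable on
"""

LINE = re.compile(r"^\s*(?:options\s+)?(ldap\.\S+)\s+(\S.*?)\s*$")

def parse_options(text):
    """Return {option: value}; the leading 'options' keyword is optional, last value wins."""
    opts = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit(opts):
    """Return hypothetical finding ids for settings that expose the bind credential.
    Only explicitly set values are judged; filer defaults are not assumed."""
    findings = []
    if opts.get("ldap.enable") != "on":
        return findings
    tls = opts.get("ldap.ssl.enable") == "on"
    if opts.get("ldap.ssl.enable") == "off":
        findings.append("ldap-tls-disabled")
    if (not tls and opts.get("ldap.minimum_bind_level") == "simple"
            and opts.get("ldap.name")):
        # Simple bind without TLS sends the bind DN and password unencrypted.
        findings.append("cleartext-simple-bind")
    if opts.get("ldap.passwd", "").strip("*"):
        # Assumption: a masked value is all asterisks. Anything else is a
        # readable secret and should be redacted before the dump is shared.
        findings.append("bind-password-in-dump")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_options(SAMPLE)):
        print(finding)
```

A dump with no explicit ldap.ssl.enable or ldap.minimum_bind_level line, such as the AD-style settings in the first message, produces no findings here because the script does not guess at defaults.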
